How are you improving API security testing?

Security & GRC Quality, Testing and Security

5.2k views2 Comments

Sort by:

CISO10 months ago

Make sure assessment tools consume the Open API standard such that the tool can interact with the API and some level of coverage can be achieved. https://swagger.io/specification/

API testing is pretty much usless without knowledge of how the API works and how to communicate with it.

Consider API discovery across all Internet facing endpoints to help uncover unknown API's

Director of IT in IT Servicesa year ago

We're constantly refining our API security testing by leveraging the latest tools and techniques to stay ahead of potential vulnerabilities. I am not mentioning tool names and techniques as the tools and techniques are dependent on API and use cases, the tool/technologies we are using may/may not be best for your organisation.

Content you might like

What’s your organization doing to protect against risks related to disinformation? How are you approaching this & which business unit leaders are currently involved?

How can the risk management function be strengthened to counterbalance overly aggressive executive decisions?

How valuable to reducing change/fail % is it if a sys admin is able to predict the impact of a kernel or glibc change before applying the change to their Linux systems?

Highly valuable30%

Moderately valuable68%

Not valuable at all.1%

View Results

CISO here at a large enterprise—between NIS2, DORA, the Cyber Resilience Act, and growing internal pressure around shadow AI and ransomware response, it feels like we’re constantly balancing compliance overhead with real operational risk. What’s the one thing you’re losing the most sleep over in 2025?

What is the primary way your organization anticipates using AI agents within the next 12-18 months?

To automate routine tasks and workflows (e.g., scheduling, data entry, basic customer/patient service inquiries)25%

To enhance decision-making through advanced analytics and insights generation (e.g., risk assessment, market forecasting)44%

To create new products, services, or customer/patient experiences (e.g., personalized recommendations, virtual assistants)21%

To improve cybersecurity and fraud detection (e.g., threat analysis, anomaly detection)10%

We are not currently planning to implement AI agents within the next 12-18 months

View Results

How are you improving API security testing?

Sort by:

Content you might like

What’s your organization doing to protect against risks related to disinformation? How are you approaching this & which business unit leaders are currently involved?

How can the risk management function be strengthened to counterbalance overly aggressive executive decisions?

How valuable to reducing change/fail % is it if a sys admin is able to predict the impact of a kernel or glibc change before applying the change to their Linux systems?

What is the primary way your organization anticipates using AI agents within the next 12-18 months?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go